Saltar al contenido

admin

TCPDump: Capture and Record Specific Protocols / Port

  • admin 

Q. How do I capture specific protocol or port such as 80 ( http ) using TCPDump tool under Linux / UNIX? How do I recording Traffic with TCPDump and find problems later on?

A. TCPDump is a tool for network monitoring and data acquisition. It can save lots of time and can be used for debugging network or server related problems. Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.

Monitor all packets on eth1 interface

tcpdump -i eth1

Monitor all traffic on port 80 ( HTTP )

tcpdump -i eth1 ‘port 80’

Monitor all traffic on port 25 ( SMTP )

tcpdump -vv -x -X -s 1500 -i eth1 ‘port 25’

Where,

-vv : More verbose output
-x : When parsing and printing, in addition to printing the headers of each packet, print the data of each packet.
-X : hen parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
-s 1500: Snarf snaplen bytes of data from each packet rather than the default of 68. This is useful to see lots of information.
-i eth1 : Monitor eth1 interface
Capturing traffic information using cronjobs

tcpdump can be used to find out about attacks and other problems. Let us say your webserver facing problem everday at midnight. Enter following command into cron. It will schedule capturing of 30,000 packets and writing raw data to a file called port.80.debug.txt:
@midnight /usr/sbin/tcpdump -n -c 30000 -w /root/port.80.debug.txt

Next day you can log into your box and read the /root/port.80.debug.txt file:
tcpdump -X -vv -r /root/port.80.debug.txt

This simple technique can be used record and debug problems.

Further readings:

man page tcpdump

Confuncio – Confucius

  • admin 

BC 551-BC 479. Chinese philosopher.

  • Chose a job you love, and you will never have to work a day in your life.
  • Our greatest glory is not in never falling, but in rising every time we fall.
  • Everything has beauty, but not everyone sees it.
  • Before you embark on a journey of revenge, dig two graves.
  • If you think in terms of a year, plant a seed; if in terms of ten years, plant trees; if in terms of 100 years, teach the people.
  • In a country well governed poverty is something to be ashamed of. In a country badly governed wealth is something to be ashamed of.
  • To put the world in order, we must first put the nation in order; to put the nation in order, we must put the family in order; to put the family in order, we must cultivate our personal life; and to cultivate our personal life, we must first set our hearts right.
  • Silence is the true friend that never betrays.
  • A man who has committed a mistake and doesn’t correct it is committing another mistake.
  • The strength of a nation derives from the integrity of the home.

En Español:

  • Exígte mucho a ti mismo y espera poco de los demás. Así te ahorrarás disgustos.
  • No me preocupa el no ser conocido. De lo que se trata es de hacerme digno de ser conocido.
  • El que domina su cólera, domina a su peor enemigo.